From ${URL} :
Title: DoS vulnerability in the BMP image handler
Risk Rating: Low
CVE: CVE-2015-0295
Platforms: All
Modules: QtBase
Versions: All versions before 5.5
Author: Richard J. Moore <rich at kde.org>
Date: 22 February 2015
Overview
--------
The builtin BMP decoder in QtGui prior to Qt 5.5 contained a bug that would
lead to a divsion by zero when loading certain corrupt BMP files. This in
turn
would cause the application loading these hand crafted BMPs to crash.
Details
-------
It is possible to construct BMP files such that when calculating the masks
required to extract the colour components a division by zero occurred.
Impact
------
An application loading the malicious BMP file will crash.
Workaround
----------
None
Solution
--------
Upgrade to Qt 5.5 once released or apply the patches below:
For Qt 5.0 to 5.4:
https://codereview.qt-project.org/106929
For Qt 4.8:
https://codereview.qt-project.org/107108
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

(In reply to Davide Pesavento from comment #1)
> So let me understand... every crash is a security vulnerability now? A
> division-by-zero is not exploitable by itself afaik.
It is if it is not caught and as such crashes: resulting in Denial of Service.

(In reply to Davide Pesavento from comment #3)
> So every externally triggerable crash is a DoS?
Basically yes, although it would in some circumstances depend on the security properties stated by the upstream. I haven't looked into this bug too closely but I imagine it is caused due to a CWE-20: Improper Input Validation.

CVE-2015-0295 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0295):
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the
masks used to extract the color components, which allows remote attackers to
cause a denial of service (divide-by-zero and crash) via a crafted BMP file.